Phishing and Email: Some Caveats

August 7, 2017 (San Diego) You might have gotten an email from Apple informing you that you paid for an in-app purchase that you do not own. The email looks very legit, and even has a way for you to sign on to the Apple official site. It looks very good, and official, but it is not. The first hint this is a phishing attemp is that this is for an in app purchase for an app that you do not own. The second is that it is missing a few elements that you may get when you purchase an app at the actual App Store. Coincidentally I had done that, so I had them side by side,. The one from Apple has a few elements the other one did not.

This is not just Apple. I have been getting warnings from a bank that my account is in trouble. It ranges from overdrafts, to security concerns. The problem is, I have no account with such a bank. We are being targetted because whoever is sending them knows we are in the population that just might have an account with that bank. Nor is this the only incident coming from banks with whom I have no relationship, or had one twenty five years ago.

These are just two examples of what in the business is called phishing. All these emails have a wonderful link you can click to go to the site, and fix whatever it is ailing you,. The sites look like the real thing. The one for Apple is extremely convincing. However, once you log in to this site, it is not Apple you are dealing with, or either of these two banks. It is your lovely hacker to whom you just gave access to your account and in the case of the bank your financial information. They are also used to steal your identity. All these are sold in the dark web. (I went so far as to check the link for the purposes of the story, but knew better than to enter anything into any field. The site was an exact copy of the Apple site, and that is on purpose. It is called spoofing a site.)

So here is what you do if you get any of these rather suspicious emails.

If you think this is actually real, do NOT click on the link in the email. You can find the site by just going to your browser.

Find out if the company you are dealing with actually charged you. It does happen, mistakes do happen, though in the case of appstores rarely. I did contact Apple thinking they might have by mistake. My real objective was to get their email address for this. The email in the case of Apple is reportphising@apple.com

If you are dealing with a bank, that email might be somewhere in their website, Sometimes they are harder to get. I contacted Chase some years back and forwarded them the phishing attempts as well.

Why should you do that? First off, this is a crime. Second, you might not be a good fish, that will byte on that tasty worm on the hook, but family of yours will. The real victims of this tend to be older Americans

From research in the field: “Current older adult cohorts may be particularly vulnerable to phishing attempts. In fact, older adults appear to be disproportionately targeted for many types of fraud, including financial exploitation as a result of their greater potential for wealth; decreased familiarity, comfort, and self-efficacy using computers; less experience with web browsing; and increased risk for age-related cognitive decline.”

Also as you get older, you will be more vulnerable as well. So this is protecting yourself. If you are a much younger person, they will have other techniques to target you. Why? This is an ever evolving threat to your data. So what I am writing right now, may, or may not work 10 years from now.

According to the FBI these are the common schemes for these kinds of efforts, with computers being just one component.